Workbench service-linked role

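This topic describes the Workbench service-linked role AliyunServiceRoleForECSWorkbench and how to delete it.

Background information

AliyunServiceRoleForECSWorkbench is a service-linked role provided by Resource Access Management (RAM). Through AliyunServiceRoleForECSWorkbench, Workbench obtains access to Elastic Compute Service (ECS) and Elastic Container Instance (ECI). For more information, see Service-linked roles.

AliyunServiceRoleForECSWorkbench permissions

  • Role name: AliyunServiceRoleForECSWorkbench

  • Policy: AliyunServiceRolePolicyForECSWorkbench

  • Policy document: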

    {
      "Version": "1",
      "Statement": [
        {
          "Action": "ram:DeleteServiceLinkedRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "ram:ServiceName": "workbench.ecs.aliyuncs.com"
            }
          }
        },
        {
          "Action": "eci:DescribeContainerGroups",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ecs:DescribeInstances",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ecs:StartTerminalSession",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ecs:DescribeInvocations",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ecs:InvokeCommand",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "eci:ExecContainerCommand",
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }

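Create AliyunServiceRoleForECSWorkbench

When you use Workbench, the system checks whether the current account already has AliyunServiceRoleForECSWorkbench and creates it automatically if it does not exist.

AliyunServiceRoleForECSWorkbench includes the system policy AliyunServiceRolePolicyForECSWorkbench. The policies attached to a service-linked role are defined and used by the corresponding cloud service. You cannot add, modify, or delete permissions for a service-linked role.

Delete AliyunServiceRoleForECSWorkbench

If you no longer need AliyunServiceRoleForECSWorkbench, you can delete it. For the procedure, see Delete a RAM role.

FAQ

Why can't my RAM user automatically create the Workbench service-linked role AliyunServiceRoleForECSWorkbench?

A RAM user must have specific permissions to automatically create or delete AliyunServiceRoleForECSWorkbench. If a RAM user cannot automatically create AliyunServiceRoleForECSWorkbench, either attach the system policy AliyunECSWorkbenchFullAccess to the user or add the following policy. For more details about AliyunECSWorkbenchFullAccess, see AliyunECSWorkbenchFullAccess.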

{
  "Version": "1",
  "Statement": [
    {
      "Action": "ecs-workbench:LoginInstance",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "workbench.ecs.aliyuncs.com"
        }
      }
    }
  ]
}
Note

Replace the main account ID with the ID of your actual Alibaba Cloud account (main account).
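
The following added example (not part of the original page or of Alibaba Cloud's own tooling) checks a custom RAM policy for the scoping the policies on this page use: every Allow statement that covers ram:CreateServiceLinkedRole or ram:DeleteServiceLinkedRole should pin ram:ServiceName to workbench.ecs.aliyuncs.com with StringEquals. The function names, the wildcard matching through fnmatch, and the two variant policies are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Service name and action names are taken from the policies on this page.
WORKBENCH_SERVICE = "workbench.ecs.aliyuncs.com"
SLR_ACTIONS = ("ram:CreateServiceLinkedRole", "ram:DeleteServiceLinkedRole")

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def unscoped_slr_statements(policy, service=WORKBENCH_SERVICE):
    """Return indexes of Allow statements that cover service-linked-role
    create/delete without a StringEquals pin of ram:ServiceName to `service`."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action entries may contain wildcards such as "ram:*" or "*".
        covers_slr = any(fnmatchcase(action, pattern)
                         for pattern in as_list(stmt.get("Action", []))
                         for action in SLR_ACTIONS)
        if not covers_slr:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        pinned = equals.get("ram:ServiceName")
        # Conservative assumption: anything but an exact single-service pin is flagged.
        if pinned is None or as_list(pinned) != [service]:
            findings.append(index)
    return findings

# The FAQ policy from this page, compacted.
PAGE_POLICY = json.loads("""{"Version": "1", "Statement": [
  {"Action": "ecs-workbench:LoginInstance", "Resource": "*", "Effect": "Allow"},
  {"Action": "ram:CreateServiceLinkedRole", "Resource": "*", "Effect": "Allow",
   "Condition": {"StringEquals": {"ram:ServiceName": "workbench.ecs.aliyuncs.com"}}}]}""")

# Constructed variant: the same policy with the Condition block dropped.
UNSCOPED = json.loads(json.dumps(PAGE_POLICY))
del UNSCOPED["Statement"][1]["Condition"]

# Constructed variant: a wildcard grant that also covers the role actions.
WILDCARD = {"Version": "1", "Statement": [
    {"Action": "ram:*", "Resource": "*", "Effect": "Allow"}]}

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("unscoped", UNSCOPED), ("wildcard", WILDCARD)):
        print(name, unscoped_slr_statements(doc))
```

An empty list means every statement that can create or delete a service-linked role is limited to the Workbench service; any index returned points at a statement to review before the policy is attached to a RAM user.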
